< Changes
OpenLDAP: Drop TCP wrappers support
Summary
As per [1], TCP wrappers are being deprecated in Fedora. Also, as per [2], upstream discourages its usage in favour of other means of protection (e.g. firewall). After this change OpenLDAP will no longer be affected by TCP wrappers configuration.
Owner
- Name: Matus Honek
- Email: mhonek@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 28
- Last updated: 2017-11-29
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
After this change, OpenLDAP will not be configured with --enable-wrappers resulting in potential TCP wrappers configuration having no effect on OpenLDAP (i.e. slapd binary executable). Please, use other means of protection for the OpenLDAP server.
Benefit to Fedora
This change is due to the deprecation of TCP wrappers, details may be found in [3]
Scope
- Proposal owners: Remove dependency of OpenLDAP on TCP wrappers. See [4].
- Other developers: None
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
Users should use other means of protection. TCP wrappers protection ceases to work.
How To Test
Running the following should not return anything:
ldd /usr/sbin/slapd | grep libwrap
User Experience
Users are encouraged to check their security configuration.
Dependencies
N/A
Contingency Plan
- Contingency mechanism: Reverting the change
- Contingency deadline: Beta freeze?
- Blocks release? No
Documentation
N/A
Release Notes
Fedora 28 removes support for tcp_wrappers. Therefore, OpenLDAP no longer supports them. Please, use other means of protection.